forbid cache poisoning via botched reset calls

2017-06-28 11:36:34 +02:00
parent 7439bbaba2
commit 9d83214158
1 changed files with 3 additions and 2 deletions
--- a/rpc.js
+++ b/rpc.js
@@ -578,8 +578,7 @@ var resetUserPins = function (Env, publicKey, channelList, cb) {
        });
    }

-    var pins = session.channels = {};
-
+    var pins = {};
    getMultipleFileSize(Env, channelList, function (e, sizes) {
        if (e) { return void cb(e); }
        var pinSize = sumChannelSizes(sizes);
@@ -606,6 +605,8 @@ var resetUserPins = function (Env, publicKey, channelList, cb) {
                    pins[channel] = true;
                });

+                // update in-memory cache IFF the reset was allowed.
+                session.channels = pins;
                getHash(Env, publicKey, function (e, hash) {
                    cb(e, hash);
                });